Cross-site Scripting (XSS) - Stored in tsolucio/corebos
Reported on
Dec 12th 2021
Description
Stored XSS via upload of a file in .xml format in the Product module. When an attachment is opened, some file formats are rendered and loaded by the browser, so arbitrary JavaScript code that was previously injected into the attachment is executed.
Proof of Concept
<?xml version="1.0"?>
<html:html xmlns:html='http://www.w3.org/1999/xhtml'>
<html:script>
alert(document.domain);
</html:script>
</html:html>
Steps To Reproduce
1. After logging in, navigate to Inventory -> Product and create/edit any product.
2. While editing a product, upload a malicious XML file as the product image.
3. Click Choose file, choose the XSS.xml file, and then click Save.
4. After the upload succeeds, copy the link of the image and open it in a new tab.
The XSS will trigger when the attachment is opened in a new tab.
Video POC
https://drive.google.com/file/d/1vsyRMt-8VuTUFnFw6YBfjMlFw6L-v5m5/view?usp=sharing
Note
The link to the image will look like this: https://demo.corebos.com/storage/2021/December/week2/43906_XSS.xml
Impact
This vulnerability can be used to deface websites, compromise user accounts, and run malicious code on web pages, which can lead to a compromise of the user’s device.
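One way to refuse this upload at the point where the product image is saved, as an added example that is not coreBOS code: the names rejectReason and IMAGE_TYPES are hypothetical, the XML sample is the proof of concept above, and the GIF is a constructed 1x1 image.

```php
<?php
// Added example, not coreBOS code: function and constant names are hypothetical.
// Requires the fileinfo extension (bundled with PHP).

// Extension allowlist. A file opened by direct link under storage/ gets its
// Content-Type from its extension, so .xml is rendered by the browser.
const IMAGE_TYPES = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
];

/** Returns null when the upload is an acceptable image, else the reason it is refused. */
function rejectReason(string $tmpPath, string $clientName): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, IMAGE_TYPES)) {
        return "extension '$ext' is not an allowed image type";
    }
    // Sniff the bytes; never trust the client-supplied Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== IMAGE_TYPES[$ext]) {
        return "content is $mime, expected " . IMAGE_TYPES[$ext];
    }
    // The header must also parse as an image.
    if (@getimagesize($tmpPath) === false) {
        return 'file does not parse as an image';
    }
    return null;
}

// Constructed samples: the proof of concept from this report and a 1x1 GIF.
$poc = "<?xml version=\"1.0\"?>\n<html:html xmlns:html='http://www.w3.org/1999/xhtml'>\n"
     . "<html:script>\nalert(document.domain);\n</html:script>\n</html:html>\n";
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');

$cases = [
    ['XSS.xml', $poc],   // the upload described in the report
    ['XSS.gif', $poc],   // same bytes behind an image extension
    ['logo.gif', $gif],  // genuine image
];
foreach ($cases as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $reason = rejectReason($tmp, $name);
    printf("%-9s %s\n", $name, $reason === null ? 'accepted' : "rejected: $reason");
    unlink($tmp);
}
```

Files already in storage are not covered by an upload check; serving attachments with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff` keeps the browser from rendering them.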
Hey @dev696,
A real researcher will not just copy all the content from other reports. You should try to write your reports by yourself. What have you learned after reporting this vulnerability? Just earn the bounty or improve your skills in cybersecurity?
What a shame on you!
The maintainer should be aware of this person, he is not a researcher, he is a copier!
@chau Minh Khanh, Please have some shame, there is no content which I have copied, don't have some better job, come to India I will give you a great job here. People like you are shame on society, whose job is to just comment here and there with no job.